Role Description

Reporting to the Chief Information Security Officer (CISO), you will lead the governance, risk, and compliance (GRC) function for Information Security across [Employer hidden — sign up to reveal] UK, including the supplier assurance team. This role ensures alignment with internal frameworks, regulatory requirements, and industry standards. Further you will be pivotal in driving the security culture of [Employer hidden — sign up to reveal] and leading our outreach and Information Security risk agenda across our supplier ecosystem. This is a 10-12 Month Fixed Term Contract.

Key Accountabilities

• Governance & Strategy: Define and execute the InfoSec governance strategy aligned to business objectives and corporate risk appetite. Lead the Governance I annual self-assessment, ensuring alignment with [Employer hidden — sign up to reveal] Group expectations. Oversee annual NIST, Cyber Essentials certification and PCI-DSS attestation. Ensure compliance with [Employer hidden — sign up to reveal] frameworks (AFRIT, AFRIS, AFIRM) and UK regulatory standards. Develop and maintain the InfoSec control framework, integrating with AZC and AZP change governance.
• Risk Management: Own and manage Archer GRC platform activities, including risk identification, assessment, mitigation, and reporting. Maintain the InfoSec risk register and ensure timely resolution of actions by risk owners. Provide assurance that InfoSec risks are monitored and managed across operational and change environments. Engage with Board Risk Committee, Compliance, and Audit to ensure InfoSec risk management is aligned with enterprise governance.
• Supplier Assurance: Oversee the information security assurance of third-party suppliers, ensuring alignment with internal policies and regulatory requirements. Maintain a supplier risk assessment framework, including onboarding, periodic reviews, and exit processes in line with Group requirements. Ensure suppliers meet contractual InfoSec obligations and provide evidence of compliance. Collaborate with Procurement, Legal, and Risk teams to manage supplier-related risks and remediation activities. Escalate key risks and issues to information security and OPSIT leadership as necessary.
• Reporting & Assurance: Lead the production of Executive governance reporting and submissions to [Employer hidden — sign up to reveal] Group and local Stakeholders. Deliver regular Board-level reporting on information security posture, risk trends, and compliance status. Act as IRCS Risk Officer for InfoSec, supporting AZC and AZP risk committees with governance MI. Evaluate risk mitigation and audit response plans, escalating risks beyond appetite to senior leadership.
• Collaboration & Oversight: Partner with the wider OpsIT function and the business to embed InfoSec controls across BAU and project activities. Ensure delivery of InfoSec quality, standards, and assurance functions with effective performance tracking. Monitor the effectiveness of InfoSec controls and escalate deficiencies to the CIO and senior leadership.

Technical Skills

• Lead and oversee robust IS Governance & Risk frameworks based on industry standards within delivery methods and processes
• Ability to produce reports, presentations and formal papers for senior stakeholders
• Manage comprehensive security risk catalogue with clear ownership and tracking mechanisms
• Enhance security controls within IT delivery methods and associated processes
• Ensure quality assurance of security elements in change projects, collaborating with Change Directors
• Partner with CIO to maintain comprehensive security control oversight across operational environments
• Document, test, and remediate key security controls to maintain a secure technology environment
• Track and escalate audit findings, ensuring timely remediation of security issues

Experience

• Extensive relevant experience in Information Security and risk management
• Strong track record of Group alignment and CXO committee exposure preferred
• Business knowledge of the insurance sector preferred
• Consulting experience or Customer facing sales experience preferred
• Experience in using presentation tools to a high standard

What We Will Offer You

• Flexible buy/sell holiday options
• Hybrid working
• Annual performance related bonus
• Contributory pension scheme
• Development days
• A discount up to 50% on a range of insurance products including car, home and pet
• Retail discounts
• Volunteering days

Our Ways of Working

Do you need flexibility with the hours you work? Let us know as part of your application. Here at [Employer hidden — sign up to reveal], we are signatories of the ABIs flexible working charter. We believe in supporting hybrid work patterns. Your work life balance is important to us.

Integrity, Fairness, Inclusion & Trust

At [Employer hidden — sign up to reveal], we believe in fostering an inclusive workforce. We are an equal opportunity employer with accreditations: EDGE certified, Women in Finance Charter members, Disability Confident employer, Stonewall Diversity Champion, Business in the Community's Race at Work Charter signatories, and Armed Forces Covenant gold standard employer. We embrace neurodiversity and welcome applications from neurodivergent and disabled candidates. For any inquiries or to submit your application, please contact [Employer hidden — sign up to reveal] at [Employer hidden — sign up to reveal].

We reserve the right to close the advert early if we reach enough applications. 96773 | IT & Tech Engineering | Professional | [Employer hidden — sign up to reveal] Executive | [Employer hidden — sign up to reveal] UK | Full-Time | Permanent